While trying to get my Nextcloud instance to talk to an OpenCloud test instance I had to dig a little deeper into the underlying protocol: Open Cloud Mesh (or OCM for short; for details see the RFC draft).
TL;DR: For everyone keen to get things up and running: I didn’t succeed (yet). And though I really like the idea of being able to share data between different cloud solutions, it looks like we’re not yet there when it comes to interoperability.
OCM discovery
As described in the OCM RFC draft (4.1. Process), discovery is done the following way:
1. Try to extract the FQDN from the specified OCM address
2. Try an HTTP GET request on https://<FQDN>/.well-known/ocm
   - if that returns a valid JSON object, go to 5, otherwise
3. Try an HTTP GET request on https://<FQDN>/ocm-provider
   - if that returns a valid JSON object, go to 5, otherwise
4. Negotiation failed
5. Continue with information returned in JSON object
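The discovery procedure above as a runnable sketch. This is an added example, not code from the RFC draft or from any of the servers discussed here; the function names, the accepted address forms and the example.org hosts are assumptions.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Discovery paths in the order the procedure above tries them.
DISCOVERY_PATHS = ("/.well-known/ocm", "/ocm-provider")


def extract_fqdn(ocm_address):
    """Host part of 'user@host', a bare host or a full URL (assumed input forms)."""
    host = ocm_address.rsplit("@", 1)[-1]
    if "://" not in host:
        host = "https://" + host
    fqdn = urlsplit(host).hostname
    if not fqdn:
        raise ValueError(f"no FQDN in OCM address {ocm_address!r}")
    return fqdn


def http_get(url):
    """Default fetcher: response body as text; HTTP errors raise OSError subclasses."""
    with urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def discover(ocm_address, fetch=http_get):
    """Return (discovery_url, provider_info) or raise LookupError if negotiation fails."""
    fqdn = extract_fqdn(ocm_address)
    for path in DISCOVERY_PATHS:
        url = f"https://{fqdn}{path}"
        try:
            info = json.loads(fetch(url))
        except (OSError, ValueError):
            continue  # unreachable, HTTP error or not JSON: fall through to next path
        if isinstance(info, dict):  # only a JSON *object* counts as a valid answer
            return url, info
    raise LookupError(f"OCM negotiation failed for {fqdn}")


if __name__ == "__main__":
    # Constructed responses: a server that only answers on the fallback path.
    canned = {"https://cloud.example.org/ocm-provider": '{"enabled": true}'}

    def fake_fetch(url):
        if url not in canned:
            raise OSError("HTTP 404")
        return canned[url]

    print(discover("alice@cloud.example.org", fetch=fake_fetch))
```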
Preparing Nextcloud
With some past release the OCM functionality was moved to the "federation" application. After installing/activating that app you can add "Trusted servers" ("Administrative Settings" -> "Sharing" -> "Trusted servers"). If these servers allow the connection even user/group lists can be transferred from there (not yet tested).
Check OCM endpoint "/ocm-provider" (maybe a redirect from "/.well-known/ocm" should be here?):
linux # curl -s https://nextcloud.mydomain.de/ocm-provider | jq
{
  "enabled": true,
  "apiVersion": "1.0-proposal1",
  "version": "1.1",
  "endPoint": "https://cloud.mydomain.de/index.php/ocm",
  "publicKey": {
    "keyId": "https://cloud.mydomain.de/ocm#signature",
    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMII<...>\n-----END PUBLIC KEY-----\n"
  },
  "resourceTypes": [
    {
      "name": "file",
      "shareTypes": [
        "user",
        "group"
      ],
      "protocols": {
        "webdav": "/public.php/webdav/"
      }
    }
  ]
}
Preparing ownCloud
My ownCloud test is also based on the docker container (behind the Apache reverse proxy).
The OCM URL (nearly) is the same as the Nextcloud one – but it requires a trailing “/” to work:
linux # curl -L https://owncloud.mydomain.de/ocm-provider/ | jq
{
  "enabled": true,
  "apiVersion": "1.0-proposal1",
  "endPoint": "https://owncloud.mydomain.de/apps/federatedfilesharing",
  "shareTypes": [
    {
      "name": "file",
      "protocols": {
        "webdav": "/public.php/webdav/"
      }
    }
  ]
}
Preparing OpenCloud
In order to activate OCM with OpenCloud (docker installation), we’ll need to add "OC_ENABLE_OCM=true" to the docker environment.
We also need to provide a list of trusted servers in /etc/opencloud/ocmproviders.json.
Details about how to set things up can be found here.
Check OCM endpoint "/.well-known/ocm":
linux # curl -s https://opencloud.mydomain.de/.well-known/ocm
{
  "enabled": true,
  "apiVersion": "1.1.0",
  "endPoint": "https://opencloud.mydomain.de/ocm",
  "provider": "OpenCloud",
  "resourceTypes": [
    {
      "name": "file",
      "shareTypes": [
        "user"
      ],
      "protocols": {
        "webdav": "/dav/ocm"
      }
    }
  ],
  "capabilities": [
    "/invite-accepted"
  ]
}
Other implementations
OCM is also supported by Seafile and CERNBox.
Test runs
My first test turned out to be overly optimistic: I wanted to share a file from OpenCloud to my existing Nextcloud instance. This still doesn’t work, but during the analysis I did some broader testing and here’s what I found on the way:
Test #1: Nextcloud / Nextcloud
So I started to verify that my Nextcloud could share files with other Nextcloud instances. For that I used a Nextcloud instance of a friend of mine and it worked flawlessly.
For further testing I started up another local Nextcloud docker instance (called "nctest.mydomain", using Apache as reverse proxy and for SSL termination).
Trying to share files from my pre-existing Nextcloud instance failed however … so why does it work with an external instance but not with the one within my own domain?
While trying to add the newly created docker Nextcloud server to the "Trusted server" list (which failed) I got some hints in the Nextcloud log:
Host "192.168.123.45" (nctest.mydomain.de) violates local access rules
I don’t know anything about those “local access rules” but the suggested workaround was to add an extra option to Nextcloud’s configuration:
linux # vi config/config.php
<...>
'allow_local_remote_servers' => true,
<...>
After restarting Nextcloud – in my case that meant restarting php-fpm – things started to work:
linux # systemctl restart php8.3-fpm
Just shared a file/a directory using the federation app and got a notification on the other (Nextcloud) site.
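What the log line above reflects, sketched as an added example (not Nextcloud's code; its actual address ranges may differ): a guard that refuses outbound requests whose target resolves to an internal address, and what switching it off does. The function names, the modelled meaning of 'allow_local_remote_servers' and every sample address other than 192.168.123.45 are assumptions.

```python
import ipaddress


def is_local_address(ip_text):
    """True for addresses a server-side request guard treats as internal."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot hide an RFC 1918 target.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast)


def check_remote(host, resolved, allow_local=False):
    """Return None if the request may proceed, else a rejection message.

    `resolved` is the list of addresses DNS returned for `host`; one local
    answer is enough to reject, so mixed public/private records do not pass.
    `allow_local` models 'allow_local_remote_servers' => true (assumption).
    """
    if allow_local:
        return None
    for ip_text in resolved:
        if is_local_address(ip_text):
            return f'Host "{ip_text}" ({host}) violates local access rules'
    return None


if __name__ == "__main__":
    # Constructed DNS answers, except the address taken from the log line above.
    samples = {
        "nctest.mydomain.de": ["192.168.123.45"],
        "cloud.example.org": ["93.184.216.34"],
        "mixed.example.org": ["93.184.216.34", "::ffff:10.0.0.5"],
    }
    for host, addrs in samples.items():
        print(host, "->", check_remote(host, addrs) or "allowed")
        print(host, "(allow_local) ->", check_remote(host, addrs, True) or "allowed")
```

Under this model the option lifts the guard for every host the server is asked to contact, not only for nctest.mydomain.de.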
Test #2: ownCloud / Nextcloud
There’s not much to say about that one: With the preparations done in #1 federated sharing between those two worked out of the box.
Test #3: OpenCloud to anything else … TBD
The OpenCloud configuration seems to be another beast: the documentation is quite lacking and there’s little experience with it (no wonder considering the age of this project).
So once again all I can say right now is: Stay tuned … I’ll report back once I got it up and running.
Site notes
Nextcloud
You do not need the “Trusted server” config in order to share files/directories.
However you’ll need trusted servers to share the usernames for something like auto-completion.
In case the status of the trusted servers stays yellow, make sure to run Nextcloud’s cron.php and sync the addressbooks:
linux # docker run -ti --user www-data nctest php -f cron.php
linux # docker run -ti --user www-data nctest php occ federation:sync-addressbooks
Some more details about what’s going on can be found here.
ownCloud
While trying to use the occ command in ownCloud I got some database related error messages. Turns out that within the ownCloud docker image there’s a /usr/bin/occ command that works fine, while "php occ" will result in a database error.